author | Brennan Conroy <brecon@microsoft.com> | 2022-07-29 22:04:06 +0300 |
---|---|---|
committer | Brennan Conroy <brecon@microsoft.com> | 2022-07-29 22:04:06 +0300 |
commit | e3795c28c4bc011f6d559dfeb53bb035accee736 (patch) | |
tree | c2ec05cdc904b1131366bda7d4e2578564c77587 | |
parent | dd35c8313ee91627302d20c34c8ca89e636a44e0 (diff) |
Cleanup u8 workarounds brecon/cleanup
4 files changed, 20 insertions, 36 deletions
diff --git a/src/DataProtection/Abstractions/test/DataProtectionCommonExtensionsTests.cs b/src/DataProtection/Abstractions/test/DataProtectionCommonExtensionsTests.cs
index 308236eb7f..35698a369e 100644
--- a/src/DataProtection/Abstractions/test/DataProtectionCommonExtensionsTests.cs
+++ b/src/DataProtection/Abstractions/test/DataProtectionCommonExtensionsTests.cs
@@ -249,8 +249,7 @@ public class DataProtectionCommonExtensionsTests
 // Act & assert
 var ex = Assert.Throws<CryptographicException>(() =>
 {
- var plainText = "Hello\ud800";
- mockProtector.Object.Protect(plainText);
+ mockProtector.Object.Protect("Hello\ud800");
 });
 Assert.IsAssignableFrom<EncoderFallbackException>(ex.InnerException);
 }
@@ -263,8 +262,7 @@ public class DataProtectionCommonExtensionsTests
 mockProtector.Setup(p => p.Protect(new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f })).Returns(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 });
 // Act
- var plainText = "Hello";
- string retVal = mockProtector.Object.Protect(plainText);
+ string retVal = mockProtector.Object.Protect("Hello");
 // Assert
 Assert.Equal("AQIDBAU", retVal);
@@ -279,8 +277,7 @@ public class DataProtectionCommonExtensionsTests
 // Act & assert
 var ex = Assert.Throws<CryptographicException>(() =>
 {
- var data = "A";
- mockProtector.Object.Unprotect(data);
+ mockProtector.Object.Unprotect("A");
 });
 }
@@ -294,8 +291,7 @@ public class DataProtectionCommonExtensionsTests
 // Act & assert
 var ex = Assert.Throws<CryptographicException>(() =>
 {
- var data = "AQIDBAU";
- mockProtector.Object.Unprotect(data);
+ mockProtector.Object.Unprotect("AQIDBAU");
 });
 Assert.IsAssignableFrom<DecoderFallbackException>(ex.InnerException);
 }
diff --git a/src/DataProtection/Extensions/test/DataProtectionAdvancedExtensionsTests.cs b/src/DataProtection/Extensions/test/DataProtectionAdvancedExtensionsTests.cs
index db96c3698a..b5de038ff6 100644
--- a/src/DataProtection/Extensions/test/DataProtectionAdvancedExtensionsTests.cs
+++ b/src/DataProtection/Extensions/test/DataProtectionAdvancedExtensionsTests.cs
@@ -23,8 +23,7 @@ public class DataProtectionAdvancedExtensionsTests
 mockDataProtector.Setup(o => o.Protect(plaintextAsBytes, expiration)).Returns(new byte[] { 0x01, 0x02 });
 // Act
- var plainText = "this is plaintext";
- string protectedPayload = mockDataProtector.Object.Protect(plainText, expiration);
+ string protectedPayload = mockDataProtector.Object.Protect("this is plaintext", expiration);
 // Assert
 Assert.Equal(SampleEncodedString, protectedPayload);
@@ -87,8 +86,7 @@ public class DataProtectionAdvancedExtensionsTests
 mockDataProtector.Setup(o => o.Unprotect(new byte[] { 0x01, 0x02 }, out controlExpiration)).Returns(Encoding.UTF8.GetBytes("this is plaintext"));
 // Act
- var sampleEncodedString = SampleEncodedString;
- string unprotectedPayload = mockDataProtector.Object.Unprotect(sampleEncodedString, out var testExpiration);
+ string unprotectedPayload = mockDataProtector.Object.Unprotect(SampleEncodedString, out var testExpiration);
 // Assert
 Assert.Equal("this is plaintext", unprotectedPayload);
diff --git a/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs b/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs
index 87d5755228..3e6a60f2e5 100644
--- a/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs
+++ b/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs
@@ -32,8 +32,7 @@ public class DataProtectionProviderTests
 // Step 2: instantiate the system and round-trip a payload
 var protector = DataProtectionProvider.Create(directory).CreateProtector("purpose");
- var plainText = "payload";
- Assert.Equal(plainText, protector.Unprotect(protector.Protect(plainText)));
+ Assert.Equal("payload", protector.Unprotect(protector.Protect("payload")));
 // Step 3: validate that there's now a single key in the directory and that it's not protected
 var allFiles = directory.GetFiles();
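Review bot: The round-trip assertion in the `@@ -32,8 +32,7 @@` hunk of DataProtectionProviderTests.cs now spells `"payload"` twice, once as the input to `Protect` and once as the expected value, so the two copies can drift apart in a later edit. The same duplication appears in the other hunks of this file, and in the `-145` and `-197` hunks the two literals sit several lines apart. A single `const string Payload = "payload";` on the test class, used in both positions, would keep the input and the expectation tied together. The test methods start and end outside these hunks.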
@@ -68,8 +67,7 @@ public class DataProtectionProviderTests
 });
 var protector = provider.CreateProtector("Protector");
- var plainText = "payload";
- Assert.Equal(plainText, protector.Unprotect(protector.Protect(plainText)));
+ Assert.Equal("payload", protector.Unprotect(protector.Protect("payload")));
 // Step 2: Validate that there's now a single key in the directory
 var newFileName = Assert.Single(Directory.GetFiles(keysPath));
@@ -103,8 +101,7 @@ public class DataProtectionProviderTests
 {
 configure.ProtectKeysWithDpapi();
 }).CreateProtector("purpose");
- var plainText = "payload";
- Assert.Equal(plainText, protector.Unprotect(protector.Protect(plainText)));
+ Assert.Equal("payload", protector.Unprotect(protector.Protect("payload")));
 // Step 3: validate that there's now a single key in the directory and that it's protected with DPAPI
 var allFiles = directory.GetFiles();
@@ -145,13 +142,12 @@ public class DataProtectionProviderTests
 // Step 2: instantiate the system and round-trip a payload
 var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
- var plainText = "payload";
- var data = protector.Protect(plainText);
+ var data = protector.Protect("payload");
 // add a cert without the private key to ensure the decryption will still fallback to the cert store
 var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password");
 var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose");
- Assert.Equal(plainText, unprotector.Unprotect(data));
+ Assert.Equal("payload", unprotector.Unprotect(data));
 // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
 var allFiles = directory.GetFiles();
@@ -197,14 +193,13 @@ public class DataProtectionProviderTests
 var certWithKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCert3.pfx"), "password3");
 var protector = DataProtectionProvider.Create(directory, certWithKey).CreateProtector("purpose");
- var plainText = "payload";
- var data = protector.Protect(plainText);
+ var data = protector.Protect("payload");
 var keylessUnprotector = DataProtectionProvider.Create(directory).CreateProtector("purpose");
 Assert.Throws<CryptographicException>(() => keylessUnprotector.Unprotect(data));
 var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certInStore, certWithKey)).CreateProtector("purpose");
- Assert.Equal(plainText, unprotector.Unprotect(data));
+ Assert.Equal("payload", unprotector.Unprotect(data));
 }
 finally
 {
@@ -231,9 +226,8 @@ public class DataProtectionProviderTests
 // Step 2: instantiate the system and round-trip a payload
 var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
- var plainText = "payload";
- Assert.Equal(plainText,
- protector.Unprotect(protector.Protect(plainText)));
+ Assert.Equal("payload",
+ protector.Unprotect(protector.Protect("payload")));
 // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
 var allFiles = directory.GetFiles();
@@ -280,8 +274,7 @@ public class DataProtectionProviderTests
 .Create(directory, certificate)
 .CreateProtector("purpose");
- var plainText = "payload";
- var data = protector.Protect(plainText);
+ var data = protector.Protect("payload");
 // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
 var allFiles = directory.GetFiles();
@@ -294,7 +287,7 @@ public class DataProtectionProviderTests
 // Step 4: setup a second system and validate it can decrypt keys and unprotect data
 var unprotector = DataProtectionProvider.Create(directory, b => b.UnprotectKeysWithAnyCertificate(certificate));
- Assert.Equal(plainText, unprotector.CreateProtector("purpose").Unprotect(data));
+ Assert.Equal("payload", unprotector.CreateProtector("purpose").Unprotect(data));
 });
 }
diff --git a/src/Shared/CertificateGeneration/CertificateManager.cs b/src/Shared/CertificateGeneration/CertificateManager.cs
index af927545cf..0bd57f57de 100644
--- a/src/Shared/CertificateGeneration/CertificateManager.cs
+++ b/src/Shared/CertificateGeneration/CertificateManager.cs
@@ -493,8 +493,7 @@ internal abstract class CertificateManager
 char[] pem;
 if (password != null)
 {
- // TODO: cleanup cast: https://github.com/dotnet/aspnetcore/issues/41455
- keyBytes = key.ExportEncryptedPkcs8PrivateKey((ReadOnlySpan<char>)password, new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 100000));
+ keyBytes = key.ExportEncryptedPkcs8PrivateKey(password, new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 100000));
 pem = PemEncoding.Write("ENCRYPTED PRIVATE KEY", keyBytes);
 pemEnvelope = Encoding.ASCII.GetBytes(pem);
 }
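Review bot: The key-derivation iteration count on the rewritten `ExportEncryptedPkcs8PrivateKey(password, ...)` line in CertificateManager.cs is the bare literal `100000`, with nothing nearby saying how it was chosen. The next hunk passes `1` to the same `PbeParameters` constructor, so a reader cannot tell from the call sites which value is the protective one. A named constant such as `private const int PrivateKeyExportIterationCount = 100000;` with a one-line comment on its purpose would make the setting easier to find and revisit. The enclosing method starts and ends outside the hunk.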
@@ -503,13 +502,11 @@ internal abstract class CertificateManager
 // Export the key first to an encrypted PEM to avoid issues with System.Security.Cryptography.Cng indicating that the operation is not supported.
 // This is likely by design to avoid exporting the key by mistake.
 // To bypass it, we export the certificate to pem temporarily and then we import it and export it as unprotected PEM.
- // TODO: cleanup cast: https://github.com/dotnet/aspnetcore/issues/41455
- keyBytes = key.ExportEncryptedPkcs8PrivateKey((ReadOnlySpan<char>)"", new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 1));
+ keyBytes = key.ExportEncryptedPkcs8PrivateKey(string.Empty, new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 1));
 pem = PemEncoding.Write("ENCRYPTED PRIVATE KEY", keyBytes);
 key.Dispose();
 key = RSA.Create();
- // TODO: cleanup cast: https://github.com/dotnet/aspnetcore/issues/41455
- key.ImportFromEncryptedPem(pem, string.Empty);
+ key.ImportFromEncryptedPem(pem, string.Empty);
 Array.Clear(keyBytes, 0, keyBytes.Length);
 Array.Clear(pem, 0, pem.Length);
 keyBytes = key.ExportPkcs8PrivateKey(); |
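Review bot: If `key.ImportFromEncryptedPem(pem, string.Empty)` throws, the two `Array.Clear` calls after it are skipped, and `keyBytes` and `pem` hold a blob encrypted with an empty password and one iteration, which is effectively the plaintext key. Unless an enclosing `try`/`finally` outside the hunk already covers this, the `key.Dispose()` through `ImportFromEncryptedPem` lines should sit in a `try` with both `Array.Clear` calls moved into its `finally`. The existing comment explains the CNG workaround but not that these parameters are deliberately non-protective; I would add `// Empty password and a single iteration are intentional: this blob is an in-memory intermediate and must be cleared, never persisted.` above the export call. The method continues past the hunk, so how the final `ExportPkcs8PrivateKey()` result is handled is not visible here.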